This is an updated version of RIT Student Government's repository passport-saml-example using TypeScript.
This app requires 3 files to be placed in a folder named cert located in the project's root directory. These files include (1) the certificate of the Identity Provider (IdP). In this case, RIT's Shibboleth Server is the IdP. As a Service Provider (SP), you need to generate your own (2) certificate and (3) private key. These files are named as follows:
cert.pem: SP's certificate (Generated by you)
key.pem: SP's private key (Generated by you)
idp_cert.pem: IdP's certificate (RIT's is contained in https://shibboleth.main.ad.rit.edu/rit-metadata.xml)
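To generate the SP files, you can run the following command (the -nodes option writes key.pem unencrypted, so restrict its file permissions and keep it out of version control):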
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -nodes -days 900
The IdP Certificate is contained within the ds:X509Certificate tag. You can copy it and paste it into the idp_cert.pem file. Be sure you remove any spaces in between and have no new lines. This certificate should end up being a one line file.
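One way to produce the one-line idp_cert.pem content from the IdP metadata, as an added example that is not part of the original repository. The function names and the sample metadata (with a truncated, fake certificate body) are assumptions for illustration, and it uses a regular expression rather than a full XML parser.

```typescript
// Added example: normalise IdP certificates from SAML metadata to one-line base64.

// Matches <ds:X509Certificate>, <X509Certificate> or any other namespace prefix.
const CERT_ELEMENT = /<(?:[\w.-]+:)?X509Certificate\b[^>]*>([\s\S]*?)<\/(?:[\w.-]+:)?X509Certificate>/g;
const BASE64 = /^[A-Za-z0-9+\/]+={0,2}$/;

// Strip PEM armour (in case it was pasted in) and every whitespace character.
function toOneLine(raw: string): string {
  return raw.replace(/-----(?:BEGIN|END) CERTIFICATE-----/g, "").replace(/\s+/g, "");
}

// Reject values that cannot be a base64-encoded DER certificate.
function checkCertBody(body: string): void {
  if (body.length === 0) throw new Error("empty certificate element");
  if (!BASE64.test(body) || body.length % 4 !== 0) {
    throw new Error("certificate is not valid padded base64");
  }
  // DER certificates start with a SEQUENCE tag (0x30) and a long-form
  // length, which always encodes to a leading "MI" in base64.
  if (body.indexOf("MI") !== 0) throw new Error("not a DER certificate");
}

// Return each distinct certificate in the metadata as a one-line string.
function extractIdpCerts(metadataXml: string): string[] {
  const certs: string[] = [];
  let match: RegExpExecArray | null;
  CERT_ELEMENT.lastIndex = 0; // the regex is global, so reset its cursor
  while ((match = CERT_ELEMENT.exec(metadataXml)) !== null) {
    const body = toOneLine(match[1]);
    checkCertBody(body);
    if (certs.indexOf(body) === -1) certs.push(body); // signing/encryption may repeat
  }
  if (certs.length === 0) throw new Error("no X509Certificate element found");
  return certs;
}

// Constructed sample: a truncated, fake certificate body, not RIT's.
const SAMPLE_METADATA = `
<EntityDescriptor xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    MIIDBzCCAe+gAwIBAgIJAKZ7
    Kx3T9mQnMA0GCSqGSIb3DQEB
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    MIIDBzCCAe+gAwIBAgIJAKZ7 Kx3T9mQnMA0GCSqGSIb3DQEB
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
</EntityDescriptor>`;

console.log(extractIdpCerts(SAMPLE_METADATA));
```

Write the returned string to cert/idp_cert.pem. If more than one distinct certificate comes back, confirm with the IdP administrator which one signs assertions before choosing.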
Lastly, copy .env.sample to .env and edit appropriately. Running this app locally will likely not work since the IdP can't redirect to localhost.
Contact ITS to register your Service Provider. During this step, the IdP Administrator downloads the metadata from the /Shibboleth.sso/Metadata endpoint and loads it into the IdP.
yarn install # npm install for npm
yarn start # npm start for npm
This version of the code checks whether the signed-in user is a student. To return the plain Profile object instead, modify the code below:
(profile: any, done: any) => {
  return done(
    null,
    new User(
      profile.FirstName,
      profile.LastName,
      profile.Email,
      // true when this attribute of the SAML profile contains "Student"
      profile["urn:oid:1.3.6.1.4.1.4447.1.41"].includes("Student")
    )
  );
};
Should be changed to:
(profile: any, done: any) => {
  return done(null, profile);
};